EU Parliament Blocks Outlook Apps For Members Over Privacy Concerns

jfruh writes Microsoft last week released Outlook apps for iOS and Android, but one group that won't be getting to use them is members of the European Parliament. They've been advised by their tech staff that the apps are insecure and that they shouldn't download them — and if they have, they should change their Outlook passwords.

Re:Why?

[clorkster]

Why make it download emails from a Exchange server and then reupload it to some out-of-organization server?

According to the article this is not the reasoning that is being given for banning the app. As with any aggregator app that runs on a phone, there are many rather plain reasons why data such as emails and attachments would be temporarily stored on the app provider's servers.

The real issue that is being objected to here is that the app double-encrypts login credentials for various email providers using both a unique-per-client key that they generate and a key that is derived from the specific piece of hardware accessing the data. This encrypted data is then stored in "the cloud". The counterpoint to this methodology is gmail's use of OAuth to avoid storing any credentials - regardless of the sophistication of the encryption scheme - in a public cloud setup.